From the two exercises you have performed, you can conclude that both virtual network peering and VPN gateways facilitate communication between virtual networks. Both support the following connection scenarios:
- Virtual networks in different regions
- Virtual networks that are part of different Azure AD tenants
- Virtual networks deployed in different Azure subscriptions
- Virtual networks that use a mix of Azure classic and Azure Resource Manager deployment models
Similarities aside, let’s see how these are different (refer to Table 4.2).
TABLE 4.2 Comparing Virtual Network Peering and VPN Gateway

| Specification | Virtual Network Peering | VPN Gateway |
|---|---|---|
| Limits | Up to 500 virtual network peerings per virtual network | One VPN gateway per virtual network; the maximum number of tunnels is SKU dependent |
| Pricing model | Ingress and egress cost | Hourly cost for the gateway plus egress cost for the data transfer |
| Encryption | Encryption at the software level is recommended | IPsec/IKE policies can be applied |
| Bandwidth limitations | No bandwidth limit | SKU dependent |
| Latency | Low latency | Higher latency compared to peering |
| Private connection | Yes, as the traffic is routed via the Microsoft backbone network | A public IP is used |
| Transitivity | Nontransitive | If connected via VPN gateway and BGP is enabled, transitivity works |
| Deployment time | Fast | 30 to 45 minutes |
| Use case scenarios | Data replication, database failover, data backup | Scenarios where you need encryption, that are not latency sensitive, and where high throughput is not required |
Which of these you pick depends on your use-case scenario. There is also a third option: combining the power of peering with the VPN gateway's ability to connect to on-premises networks gives you a hub-spoke architecture. Later in this chapter, you will cover gateway transit and how the hub-spoke architecture can be leveraged. For now, this wraps up Azure-to-Azure connectivity; next we move on to Azure to on-premises connectivity.
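The Transitivity row of Table 4.2 has a direct segmentation consequence: two spokes peered to the same hub cannot reach each other, whereas a chain of BGP-enabled VPN gateway connections forwards traffic end to end. The following added example (not from the book, and not Azure SDK code) models exactly those two rules as a small reachability check over a constructed topology, so you can verify before deployment which network pairs a design actually connects. It deliberately ignores gateway transit, which the chapter covers later; all names (`hub`, `spoke-a`, `vnet-x`, and so on) are invented.

```python
from collections import deque

# Link kinds, mirroring the Transitivity row of Table 4.2 (constructed model)
PEERING = "peering"
VPN = "vpn"


class Topology:
    """Undirected graph of virtual networks joined by peering or VPN links."""

    def __init__(self):
        # vnet name -> list of (neighbour, link kind, bgp enabled)
        self.links = {}

    def add_link(self, a, b, kind, bgp=False):
        self.links.setdefault(a, []).append((b, kind, bgp))
        self.links.setdefault(b, []).append((a, kind, bgp))

    def vnets(self):
        return sorted(self.links)

    def reachable(self, src, dst):
        """True if traffic from src can reach dst under the table's rules.

        - A directly linked neighbour is always reachable (either link kind).
        - Beyond one hop, traffic is forwarded only across transitive links,
          i.e. VPN gateway connections with BGP enabled. A peering is
          nontransitive and never carries traffic that originated in a third
          network (gateway transit is deliberately not modelled here).
        """
        if src == dst:
            return True
        if any(nbr == dst for nbr, _, _ in self.links.get(src, [])):
            return True
        seen = {src}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            for nbr, kind, bgp in self.links.get(node, []):
                if kind == VPN and bgp and nbr not in seen:
                    if nbr == dst:
                        return True
                    seen.add(nbr)
                    queue.append(nbr)
        return False

    def reachable_pairs(self):
        """All ordered (src, dst) pairs, src != dst, that can exchange traffic."""
        names = self.vnets()
        return {(s, d) for s in names for d in names
                if s != d and self.reachable(s, d)}


def unexpected_paths(topology, allowed_pairs):
    """Segmentation check: reachable pairs the design did not intend.

    allowed_pairs is a set of unordered frozensets; any reachable pair not in
    it is a gap in the intended isolation (e.g. two spokes that must not talk).
    """
    return sorted(
        (s, d) for s, d in topology.reachable_pairs()
        if frozenset((s, d)) not in allowed_pairs
    )


def build_sample_topology():
    """Constructed sample: a hub with two peered spokes, plus a VPN chain."""
    t = Topology()
    t.add_link("spoke-a", "hub", PEERING)
    t.add_link("spoke-b", "hub", PEERING)
    t.add_link("hub", "vnet-x", VPN, bgp=True)
    t.add_link("vnet-x", "vnet-y", VPN, bgp=True)
    t.add_link("vnet-y", "vnet-z", VPN, bgp=False)   # static routes only
    return t


if __name__ == "__main__":
    topo = build_sample_topology()
    for src, dst in [("spoke-a", "hub"), ("spoke-a", "spoke-b"),
                     ("hub", "vnet-y"), ("spoke-a", "vnet-x"),
                     ("vnet-y", "vnet-z"), ("hub", "vnet-z")]:
        state = "reachable" if topo.reachable(src, dst) else "blocked"
        print(f"{src:8} -> {dst:8}: {state}")
```

Running it shows `spoke-a -> spoke-b` and `spoke-a -> vnet-x` blocked (peering is nontransitive), `hub -> vnet-y` reachable (every link on the path is a BGP-enabled VPN connection), and `hub -> vnet-z` blocked because the last hop is a VPN connection without BGP. Feeding `unexpected_paths` the set of pairs your design intends to connect turns the same model into a quick check that a proposed hub-spoke layout does not silently join networks that should stay isolated.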
Azure to On-Premises Connectivity
Though the title says on-premises, this section applies equally to connecting Azure to AWS, GCP, or any other cloud provider. Nevertheless, going forward we will use on-premises when explaining the concepts. There are two ways to connect on-premises networks to Azure: a VPN gateway or ExpressRoute. Let's start with VPN gateways.
VPN Gateways
You saw one use-case scenario for VPN gateways when you implemented virtual network to virtual network connectivity; as mentioned earlier, you can also use VPN gateways to implement S2S and P2S connections to your on-premises environment. Since most of the details about VPN gateways were covered in the previous section, let's go ahead and learn about the site-to-site implementation.